<h1>Pre-Launch Checklist</h1>
<p>Here's a little checklist that you can run through before launching your next big Trongate web app.</p>

<h2>Check 1</h2>
<p>When you launch your web app, make sure your main config file (<code>config.php</code>) does <em>not</em> have 'ENV' set to 'dev'. The recommendation is to change the ENV setting to 'live' or 'production' or <em>any</em> word that is not 'DEV' or 'dev'.</p>
<div class="alert alert-danger">
  Never launch a Trongate web app with the environment set to 'dev'.
</div>

<h2>Check 2</h2>
<p>Change the password to your admin panels to something that is difficult or impossible to guess.</p>
<div class="alert alert-danger">
  The admin panels that are produced by the Trongate Desktop App all have a default username of 'admin' and a default password of 'admin'. So, it's really important to make sure you don't have 'admin' as your password.
</div>

<h2>Check 3</h2>
<p>Improve your site security by hiding your main admin login URL.</p>

<h2><strong>Check 4</strong></h2>
<p>Make sure your <code>BASE_URL</code> is set to the full base URL that corresponds with your live website homepage. For example, 'https://trongate.io/'.</p>

<h2>Check 5</h2>
<p>Make sure your <code>database.php</code> file contains database settings that relate to <em>your</em> live database and not your localhost.</p>

<h2>Check 6</h2>
<p>Make sure your <code>site_owner.php</code> file contains values that relate to the person or organisation who <em>own</em> the site.</p>

<h2>Check 7</h2>
<p>Don't forget to set up at least one live email account and run some two-way tests to make sure you're able to send and receive emails. The mechanics of setting up email accounts is beyond the scope of this documentation. However, it's always a good idea to talk to your web hosts and see if they have any recommendations that might prove to be helpful.</p>

<h2>Check 8</h2>
<p>And finally... when you're testing a live website for the first time, it's a very good idea to use a different computer from the one that you built on. If that's not possible then <strong>switch off the PHP engine on your localhost</strong>. One of the most common mistakes developers make when they launch is they leave 'localhost' paths in their code. Switching off localhost makes those kinds of mistakes very easy to spot.</p>

<h2>BONUS CHECK</h2>
<p>Most of the people who visit your website will probably be using mobile devices. So, be sure to test your site on a mobile device such as a smartphone.</p>
<div class="alert alert-danger">
  If you use GIT, be extra careful to avoid uploading a commit that contains your live website settings. Every day, websites get hacked because of developers accidentally uploading passwords and other credentials to GitHub.
</div>

<div class="alert alert-success">
  <strong>Git users</strong> - for maximum security, it is recommended to have your entire <code>config</code> directory declared in your <code>.gitignore</code> file. Furthermore, when uploading your config files, it's a good practice to use a basic FTP application like Filezilla. The uploading of site settings is safest when it is handled manually and beyond the reach of third-party software or websites. When it comes to uploading config files and other sensitive data, <em>think old school.</em> That means no GIT. No exotic third-party software. Just basic, simple FTP software.
</div>
